Congress eyes privacy rights for non-U.S. citizens

Lawmakers and tech companies — including Google — are calling for the U.S. to extend certain Privacy Act rights to non-U.S. citizens.

At issue is a data sharing “umbrella agreement” that U.S. and European Union negotiators agreed to earlier this week. The E.U. says that if Congress does not pass legislation extending the right to seek legal redress for privacy violations to non-U.S. citizens, the agreement is a no-go.

The lawmakers have cast the bill as urgent in light of its significance in the umbrella agreement negotiations.

The U.S. and the E.U. have been struggling to rebuild trust after Edward Snowden revealed the breadth of the National Security Agency’s digital surveillance of U.S. allies. Tuesday’s agreement is seen as an important step to rebuilding E.U.-U.S. data flows.

“[The Judicial Redress Act] is an extremely important bill,” Hatch told The Hill. “It’s small, but very, very important that we treat our European allies fairly. And they're not going to move ahead with some of the things we need unless we do that. So I think it’s something we have to do and do quickly.”

Murphy echoed Hatch in a statement on Thursday.

“Our bill simply provides the same type of limited privacy protections to our European allies that U.S. citizens already enjoy in European courts, and is a necessary step in cementing the transatlantic law enforcement cooperation that keeps Americans safe,” Murphy said.

The tech industry has taken an equally pragmatic approach in its support of the bill.

Berin Szoka, president and founder of the think tank TechFreedom called the bill “smart geopolitics” in a panel discussing the legislation on Thursday.

Passing the bill, Szoka said, is both the “right thing to do” and a potential boost for the U.S.’s image on privacy iussues in the wake of the Snowden revelations.

“The U.S. is in dire need of rebranding,” Szoka said. “Whether you think Edward Snowden was a hero or a criminal, our brand as a nation has suffered terribly.”

In the international tech market, Szoka said, smaller IT companies already have a hard time building brand trust and are easily displaced by overseas rivals who may have a better reputation for protecting users’ privacy solely because they are non-U.S. companies.

“The Judicial Redress law would be an important first step in establishing a framework where individuals have comparable privacy rights regardless of their citizenship,” David Lieber, privacy council for Google, said on the same panel. He noted that it was “important” for American companies to be seen as supportive of the E.U.’s push to protect its citizens’ privacy rights in the U.S.

Both lawmakers and industry leaders were definite on the importance of the bill to the umbrella agreement — the legislation is not something that E.U. negotiators will likely budge on.

“This was listed not as a request but as a demand,” Lieber said. “I think it’s fair for us to assume that that demand should be treated as such and Congress should move expeditiously.”

Murphy and Hatch told reporters this week they might seek unanimous consent to speed the Senate bill’s passage. Lieber said House lawmakers are also planning a similar approach to avoid time-consuming committee markups.

Another option might be tacking the language onto the stalled Cybersecurity Information Sharing Act (CISA) in the Senate, although given the lack of opposition to the measure — and given that CISA may languish indefinitely in a crowded fall calendar — Murphy told reporters on Tuesday that “if we can get it hotlined later this year, we will.”

“Now that we know it’s instrumental to this agreement, I think we’ll have more purchase within both caucuses,” Murphy said.

“This is a bill that can be wrapped up in near future without too much controversy,” Lieber affirmed.